IETF Logo Mail Archive

[TLS] Ticket caching (was Re: tickets or sesssions or both (oh my))

Martin Thomson <martin.thomson@gmail.com> Wed, 03 September 2014 20:27 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 35E9F1A0AE4 for <tls@ietfa.amsl.com>; Wed, 3 Sep 2014 13:27:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WrSe7WOnn4O3 for <tls@ietfa.amsl.com>; Wed, 3 Sep 2014 13:27:58 -0700 (PDT)
Received: from mail-lb0-x229.google.com (mail-lb0-x229.google.com [IPv6:2a00:1450:4010:c04::229]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EE2F11A6F4B for <tls@ietf.org>; Wed, 3 Sep 2014 13:27:55 -0700 (PDT)
Received: by mail-lb0-f169.google.com with SMTP id l4so10335175lbv.14 for <tls@ietf.org>; Wed, 03 Sep 2014 13:27:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:cc:content-type; bh=lnp8xioj0lKRNU8yZ7Nl25cDhb+PMdnjPs/F6KMIhqE=; b=B2JR9U7PQ+ymS0WLlFc0L7V/85J280RVSWM+vKiQ/umkMfk2gyuh8tX8iPKSYCOlEC /D5uONT8Hs2GS543hcTDuG8op+l+KJmUHbZUYUZ1GndwxPARFL1OvXfci1BRaKXBMveg 5xs/CCuudha1l+74pVdTBYF9ogeSKrdhLVnNm/2eeEQ8Idm/EKeXKBwa85CzYMY/UX1U vF+larnOYkTT0jaHWPJsFg8V1nSrjWregIxdp8Hf7SICFwPpxXjHdAHi7u7bjLkarGzB V3OJSIulYlGCepg7DQYLZNDZ8L9HVP9Rpljh2eNKiK7ZAr9FnOkvMtxtek/IzK2lAs1I olRA==
MIME-Version: 1.0
X-Received: by 10.152.87.97 with SMTP id w1mr5282716laz.92.1409776074335; Wed, 03 Sep 2014 13:27:54 -0700 (PDT)
Received: by 10.25.166.75 with HTTP; Wed, 3 Sep 2014 13:27:54 -0700 (PDT)
Date: Wed, 03 Sep 2014 13:27:54 -0700
Message-ID: <CABkgnnUt7+0k7f6jRakknMXC0TugMRfuyXJ3xjNHVsQtzxRkYQ@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Karthikeyan Bhargavan <karthikeyan.bhargavan@inria.fr>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/bcS9z6bWJ-KsjsuJj-aPFVNwtAs
Cc: "tls@ietf.org" <tls@ietf.org>
Subject: [TLS] Ticket caching (was Re: tickets or sesssions or both (oh my))
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Sep 2014 20:27:59 -0000

On 3 September 2014 13:12, Karthikeyan Bhargavan
<karthikeyan.bhargavan@inria.fr> wrote:
> The question is what is the identity of S that C should use when storing the ticket?
> Can we give some recommendations?

The only basis we really have is the identity that was originally
sought.  We still want to permit different certificates (if not
different names), so knowing identity prior to committing the first
flight is of marginal utility anyway.

If an attacker can masquerade as a valid origin, then I don't think
that we should be specifically concerned that it can produce tickets
that cause it to access information.

It's trivial to force that first flight to go anywhere, but you have
to be able to decrypt it to gain any real advantage.  The attack you
describe requires one of a range of breaks: forcing identical master
secrets, decrypting the session (not just finding a collision in the
MAC), or breaking the previous session.

v2.23.0 | Report a Bug | By Email